Fidelity Bank, a financial institution in Nigeria classified as a second-tier bank with a valuation of 323 billion Nigerian Naira (approximately 205 million US dollars), has publicly refuted claims made by the Nigerian Data Protection Commission (NDPC) concerning an alleged incident of unauthorized access to customer data. Additionally, the bank has contested the penalty of 555.8 million Nigerian Naira (equivalent to 353,254 US dollars) that was levied by the NDPC.
The controversy centers on an accusation from a customer who asserted that Fidelity Bank had utilized their personal details without obtaining proper consent to initiate the creation of a bank account. In response to these allegations, Fidelity Bank has stated that their internal investigation found no evidence to support the occurrence of a data breach. Furthermore, the bank clarified that the process of opening the account in question was never finalized due to the absence of certain required documents.
Fidelity Bank issued a formal statement on May 2nd, 2023, addressing the NDPC’s concerns. The statement outlined that the bank had not contravened any legal regulations as there was no substantiated data breach, and the account opening procedure was incomplete. The bank emphasized that they had exercised appropriate measures by immediately freezing the account in question and ultimately closing it when the necessary documents were not submitted.
The NDPC, however, has accused Fidelity Bank of processing personal data without obtaining informed consent from the individuals concerned and for relying on third-party data processors that do not comply with regulatory standards. As a result, the NDPC imposed a fine of 555.8 million Nigerian Naira on the bank, justifying the penalty by referencing previous warnings issued to the bank and the absence of an adequate plan to rectify the situation.
Fidelity Bank has also disclosed that the NDPC had initially requested a remedial payment of 250 million Nigerian Naira (about 158,894 US dollars) on December 5, 2023. The bank challenged this initial demand, steadfast in their position that they had not breached any data protection laws. Despite ongoing discussions with the regulator, the NDPC escalated the fine to 555.8 million Nigerian Naira on August 20, according to the bank’s claims.
This dispute between Fidelity Bank and the NDPC is unfolding against a backdrop of heightened attention to issues of data privacy and security in Nigeria. In a related development, the Federal Competition and Consumer Protection Commission (FCCPC) imposed a substantial fine of 220 million US dollars on the messaging service WhatsApp, citing violations related to obtaining user consent for data usage.
